Possible to keep .htpasswd above www...

User 2010749 Photo


Registered User
3 posts

Hi! I've read that it is safer and more secure if the .htpasswd file is kept in a private folder above the www root directory, so that the file cannot be web-accessible. WAM by default seems to put the file in the www root directory. Is there any way to make it use a higher level private folder?

Currently, the .htpasswd file is residing in "/public_html/" along with .htaccess and index.html.

I would like .htpasswd to be in "/.htpasswds/", but leaving .htaccess and index.html in "/public_html/".

Can this be done?
User 103173 Photo


VP of Software Development
0 posts

Sorry, but no. They all go in the server root folder.
Learn the essentials with these quick tips for Responsive Site Designer, Responsive Email Designer, Foundation Framer, and the new Bootstrap Builder. You'll be making awesome, code-free responsive websites and newsletters like a boss.
User 2010749 Photo


Registered User
3 posts

Thanks Scott. Do you think there is much of a risk by having .htpasswd in the root folder, or should I not worry too much?
User 103173 Photo


VP of Software Development
0 posts

Paul Finnemore wrote:
Thanks Scott. Do you think there is much of a risk by having .htpasswd in the root folder, or should I not worry too much?

None at all. Apache will not even allow those files to be viewable over the Web.
Learn the essentials with these quick tips for Responsive Site Designer, Responsive Email Designer, Foundation Framer, and the new Bootstrap Builder. You'll be making awesome, code-free responsive websites and newsletters like a boss.
User 2010749 Photo


Registered User
3 posts

That's good news, and thanks again. Excellent program by the way, very easy to use and just what I was looking for.

Have something to add? We’d love to hear it!
You must have an account to participate. Please Sign In Here, then join the conversation.